ipsec: TTL only applies for GRE interfaces and not VTI

author Michael Tremer <michael.tremer@ipfire.org>

Wed, 9 Jan 2019 18:56:01 +0000 (19:56 +0100)

committer Michael Tremer <michael.tremer@ipfire.org>

Mon, 4 Feb 2019 18:20:36 +0000 (18:20 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Wed, 9 Jan 2019 18:56:01 +0000 (19:56 +0100)
committer Michael Tremer <michael.tremer@ipfire.org>
Mon, 4 Feb 2019 18:20:36 +0000 (18:20 +0000)
diff --git a/src/scripts/ipsec-interfaces b/src/scripts/ipsec-interfaces

index 521bf54eb1cbf476011b0f884ba2ea0601a54726..79f5e7d72cb6144d4487cf6a6923572372be8f2c 100644 (file)
--- a/src/scripts/ipsec-interfaces
+++ b/src/scripts/ipsec-interfaces
@@ -83,13 +83,19 @@ main() {
                         local args=(
                                 "local" "${vpn_ip}"
                                 "remote" "${righthost}"
-                               "ttl" "255"
                         )
  
-                       # Add key for VTI
-                       if [ "${interface_mode}" = "vti" ]; then
-                               args+=( key "${id}" )
-                       fi
+                       case "${interface_mode}" in
+                               gre)
+                                       # Add TTL
+                                       args+=( "ttl" "255" )
+                                       ;;
+
+                               vti)
+                                       # Add key for VTI
+                                       args+=( "key" "${id}" )
+                                       ;;
+                       esac
  
                         # Update the settings when the interface already exists
                         if [ -d "/sys/class/net/${intf}" ]; then
author	Michael Tremer <michael.tremer@ipfire.org>
	Wed, 9 Jan 2019 18:56:01 +0000 (19:56 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Mon, 4 Feb 2019 18:20:36 +0000 (18:20 +0000)